I feel that I have some sort of love for space which I have yet to release into the world.
This is my new tool for viewing statistics from vnStat. I needed it with my new router, so I thought I’d open source my efforts.
The repository is at https://git.gec.im/GRMrGecko/vnStatGraphP/tree/master
I just built a router which is overkill. I’m going to be using pfSense as the operating system and I’ll have security utilities like Snort running on it to protect my network. The main idea for building this with the specs I went with is I can expand. If I wanted 1Gb/sec, it can handle it. If I wanted 10Gb/sec, I could upgrade with a 10Gb PCIe card. So when you look at specs of other routers being 128MB of storage, 128MB of ram, and 650MHz processors, just remember the main idea of it being overkill.
CPU: 3.2GHz Quad Core I5
Network: Dual Gb Ethernet on mother board
WiFi: Dual Band 2.4/5GHz with AC support
If you want a full list of parts that went into it, visit the following: https://secure.newegg.com/WishList/PublicWishDetail.aspx?WishListNumber=36984228
See lovely photos below which shows how awesome the machine looks.
There is a time when regular people need to know how to make secure passwords, I personally wouldn’t use this service as I have no idea if they log the passwords generated with an IP address… They at least generate 3 so they won’t know which one you choose, provide the password over TLS, and they at least provide a good example for people to learn what a good password could look like.
The site is located at https://xkpasswd.net/
I have posted the source code to the website I wrote for the IT Club of Calhoun. It was mostly stuff I just threw together quickly and uses a key stretching algorithm I wrote which will work, but should really be PBKDF2 or something similar.
The website allows for easy modification by someone other than myself as my term for presidency of the IT Club is over and I want to allow future presidents to be able to modify the site to their hearts content.
I just learned of a site shared by a friend that has error codes that every website should adopt. https://http.cat/ The cat theme goes perfectly with the most important thing to the internet. Now, if you don’t adopt these wonderful cats, do some other funny ones like what I do with my website by putting geckos. Google does something funny as well for error codes, if we all do funny things the internet would be fun.
There are services like Dropbox, Google Drive, and One Drive which allows you to sync your files across multiple devices. One thing all of these providers lack is privacy. Because your files are on someone’s computer, you risk them making mistakes like what Dropbox had a history of doing.
I will separate the options available between two different categories. Products which requires that you either have a server or that you use a third party provider, and products that requires no server.
These are good for the cases where you have your own server or have a home computer you can leave open and open ports on. All files are stored on the server and the server is used as a main location for all your devices to sync to.
The main reason this is good is because you can share files with others easily by just creating a shared link which the person you’re sending the file to can just click and download without installing additional software.
Seafile my choice as it can use client side encryption which uses keys the server does not know. While this may not be important to you if you own the server, if it’s in a third party data center it could prevent them from taking a peak at your data.
Seafile is written by people in China, but have been audited and when problems are found they fix them quickly so I have no reason not to trust it personally.
OwnCloud is a popular choice, I haven’t had too much experience with it due to it having a bug that isn’t going to be fixed on my server platform of choice. Take a look for yourself to see if it looks like something you’d like.
One thing OwnCloud is great for is when you have a server which you don’t control via SSH and it only supports PHP. Some servers don’t allow running custom binaries like what Seafile server is.
A bad thing would be because it just has community support, they don’t fix bugs that quickly.
Pydio seems a bit like OwnCloud, and not much more than that.
4. Sparkle Share
Sparkle Share is a simple product which does encrypted syncing to a git repository. I wouldn’t recommend it as it doesn’t include features you’d expect and get from other products like Seafile and OwnCloud.
No server required.
These products do not require a server to function which means you don’t have to setup a server to sync files at all. You can setup a server and use it as a master which every device can sync to and from if you want some of the same sort of things that a server provides.
This is good as if your server is dead, you may be able to get your files from another machine which is still alive. But these systems lacks the ability to share files with a direct download. You can still share files, but the people who wants the file will have to download and install the client.
Syncthing is my choice for file synchronization. It is a bit harder to use than the other choice, but it is open source and provides a lot of power.
Syncthing is designed more for server setups as it uses a Web UI to manage and to configure it to startup automatically, you have to use a daemon configuration. Daemon configurations are not easy for people who don’t know computers that well, but they do have some instructions on how to set it up.
Something this is not great at is sharing folders with others. You have to hand your ID to someone, then when they add you, you have to determine that it’s actually them by reading the first few characters and then choose the folder you wish to sync with them. Discovery is all automated through the announcer servers, but it’s a bit more involved to share a folder than other solutions.
2. BitTorrent Sync
This is a closed source option made by the BitTorrent corporation which because it’s closed source you can never tell if it’s really doing what they say it does. I have no reason to believe that they are doing anything wrong, but it’s just a word of caution. Syncthing seems to do a better job at synchronization than this from my experiments, but it’s your choice.
One thing BTSync does well is sharing folders. You can share a folder easily by dragging to the icon and getting a link to share with a friend. The link will ask the person to install BTSync to receive the files if they don’t already have it.
As an overview, Syncthing is stable, but also is hard to use for people who knows little about computers; even with it’s down falls, it is my choice for server-less sync. Seafile is a great stable solution for server based file syncing.
Something that has become popular in recent times is messaging clients like facebook Messenger, Apple Messages, WhatsApp, and Hangouts. The issue is not all of these systems are secure.
Issues with popular methods:
1. WhatsApp – Owned my facebook, closed source, unknown encryption.
2. facebook Messenger – facebook knows everything you say.
3. Apple Messages – Apple acts as key server and can add their own key if they want future messages and only Apple Devices.
4. Hangouts – Google sees everything.
This post will first explain different things that can be done to protect privacy and show a table of my recommendations of clients with the different items I talked about checked or not.
Peer to Peer (P2P) – Making a direct connection to the other person you are communicating with.
This can be both a good and a bad thing. It is a good thing as your messages are not going to a third party server, but it does go through Internet Service Providers (ISPs) which they can view and capture the traffic which isn’t much different from going to a third party. It is a bad thing because an ISP can view which IP address you are communicating with and with this information, they can correlate (build a map) as to who you communicate with.
Self Hosted – You own the server which is used to communicate with your friends.
Self hosted is basically like P2P, as if you own it, basically your friends talk directly to you. While you can self host, you can also use either your friends (mine) server or even a third party (Example: jabber.org allows you to register an account with them).
End to End (E2E) Encryption – Encrypting your messages so that only the person you’re communicating with can read the message.
This is a must when you’re talking privacy, if you encrypt just for the server that doesn’t protect you from the third party. If jabber.org decided to be malicious or was hacked and you were not encrypting your messages using GPG/PGP or OTR, your messages can be read.
Open Source – Proof that the software does what it says.
In my book, this is a must because I like to compile my clients myself. While it can be proof that the software does what it says, if you download binaries from the service you may not know if those binaries are actually the result of the code. The third party could have compiled some secret back door into the binaries, but left those out of the source code. Trusting them to do the right thing is up to you, I’d say if you don’t know how to compile go ahead and use what they provide. If you trust the third party, go ahead and use what they provide.
Server for Transportation of Messages – When you send a message, it is sent to a third party to be delivered to your destination.
If the third party server is taken over by hackers or if the people owning the servers themselves decide to be malicious, they can capture messages and do what they want. Now if you have E2E Encryption, this may not be such a bad issue. But if the encryption is poorly written, then it could be possible for a malicious person to figure out what was in the messages your sent. The only major issue with a server transporting messages is they must know where to transport them to which means they can more easily correlate who is talking with whom.
Server for Key Discovery – Having a server tell you how to encrypt for E2E Encryption.
If the server tells you the public key to encrypt your messages with, it is also possible for them to become a man in the middle with encryption. They can say, here is the user’s public key and have it actually be their own allowing them to decrypt and see the messages then re-encrypt and forward to the person you’re communicating with.
Encryption Optional – Messages can be sent in plain text.
This can be a bad thing as if you or the person you are communicating with decides to not encrypt, your messages goes in the clear and can be read by anyone. For both XMPP and IRC, I have disabled non-encrypted methods of talking to the server so it is only possible when a third party decides to allow non-encrypted for the messages to go in the clear.
Traffic Correlation – Governments or server owners can make a map of who you talk to.
This is something which the NSA does often, they collect phone records to find out who you talk with. If it’s possible for correlation of messages, then they get data they want and can possibly figure out who you are and who you’re talking with by matching other data captured.
Now that you have an idea on what is good and bad for privacy and what clients do what and support what, I will post my own little comments on each client.
To me, Tox seems like something made by a designer and not a programmer as the client isn’t exactly stable on some platforms and when you look at the github page for the mac client they have almost nothing done with code, but things done mostly on the design side.
One thing I personally do not like about Tox is you can’t run it in two places at the same time. I have lots of devices and if I want to leave the house and still be on tox, I’d have to quit the client on my PC and open it on my phone, which I have a hard time getting the client for my phone in the first place.
To sum things up; it looks promising, but needs lots of work.
My ID is DF98B2F03C128CE28970C08EC51D72E645627215B5049B8905E6D6FFA1FA6D00F54195874542
I am not usually on this.
This one is a very interesting concept. The idea is there is three forms of verification, the ID, contact info in your address book, and physical verification via QR Code. You can trust that your messages are going to the right person when you physically verified them.
The main issue with this client is you can only have one identity per device, so I can’t even use it on my computer and my phone if they had a client for the computer.
My ID is TJZMN3TJ
Have not really played with this one because I know none who has it. But I am told good things about it from podcasts.
This is in early stages in my opinion, I haven’t really played with it either.
My ID is 86f4df59a91ea2dc970a22f0c2b053a04eaf364e198faf071e5e0fc91d728d10,GRMrGecko
I am not usually on this.
5. XMPP (Jabber)
This is a protocol which I love, it supports signing into other services like Facebook and Skype and also supports talking to people on other XMPP servers. XMPP is supported on all platforms and can be used fairly secure. If you want to fix issue x, you can do so. For example, Traffic Correlation issue can be fixed by you setting up the server behind a TOR Hidden Service.
My favorite XMPP Server is Prosody, you do not have to setup your own server if you don’t want to as services such as jabber.org exists and you can get an account on my server by contacting me or registering using xmpp. Servers can be enabled SSL and can also force SSL which is a good thing. Make sure that when you connect to any XMPP server that you are using SSL so that your messages at least get encrypted to the server. You can further secure your messages by using OTR or GPG, but I think if you trust the server you’re talking with, there is no need.
My account is email@example.com (x is for XMPP).
6. IRC (Internet Relay Chat)
Mainly designed for chat room style messaging, but also can be used for private messaging with OTR.
I have my own server at irc.gec.im which I hangout in #hangout. IRC is the same sort thing as XMPP where you can fix issues that exists and can encrypt your messages using OTR. I only have SSL enabled on my server at port 6697.
As an overview, I prefer XMPP, and IRC as messaging systems. If you want to talk with me, try using one of those as I am pretty much always on them. You should now have a better understanding of how to protect yourself when talking with friends.